REvil Actor Dangles a Million to Attract Potential Affiliates

REvil Actor Dangles a Million to Attract Potential Affiliates

REvil (aka Sodinokibi) ransomware group, one of the most active ransomware groups of our time, is apparently planning for something big. The group that focuses more on private Ransomware-as-a-Service (RaaS) operations has made a stunning declaration.

What happened?

The REvil ransomware group just deposited $1 million in bitcoins on a Russian-speaking hacker forum to attract more affiliates for their RaaS operations. Depositing such large money is a clear indication that the group is expanding or planning for something big.
According to an update on a forum post, they are recruiting new affiliates to spread their ransomware and looking for hackers skilled at penetration testing and few other technologies.
The group is now offering a 20%–30% cut to the developers behind this ransomware, and their affiliates will get 70%–80% of the ransom payments they generate.

Additional insights

The group seems to be changing its attack strategy. Until some time back, the ransomware operators were targeting retail organizations and manufacturers (mostly the food and beverage industry). However, recently, this has changed.

Attack techniques

The group has been more focused on its RaaS model to exploit unpatched vulnerabilities and send malicious files.

In one of the attacks, the group sent a malicious Office document that installed a backdoor on the bank's network.
The ransomware group has been exploiting the CVE-2019-11510 vulnerability that exists in the Pulse Secure VPN server.
In addition to this, the group was spotted revil actor dangles million attract potential affiliates